A fix is available
APAR status
Closed as program error.
Error description
There are a number of vulnerabilities in the IBM JAVA SDK versions that affect various components (ORB, XML and JMX). Some of the issues need to be combined in sequence to achieve an exploit. This occurs when the affected JRE is installed as the system JRE. For example this can occur when a JRE is running Java applet or Web Start application. These vulnerabilities are only applicable to client-side Java deployments where untrusted code may be executed. The TPC versions affected include: 5.1.0 4.2.0 through 4.2.2.143 (4.2.2 FP3) 4.1.x 3.x
Local fix
Until a fix is available with TPC, download IBM Java 6 SR12 from the developerWorks site for AIX and Linux. Contact IBM support if you need the IBM Java 6 SR12 package for Windows. Uninstall any existing Java versions you have and install IBM Java 6 SR12.
Problem summary
**************************************************************** * USERS AFFECTED: All TPC users who download IBM Java from * * TPC for the Java Web Start GUI. * **************************************************************** * PROBLEM DESCRIPTION: TPC 4.2.2.143 and earlier include IBM * * Java 6 SR 9 or earlier, which is * * affected by a security vulnerability. * * * * Security Bulletin: * * http://www-01.ibm.com/support/docview.w * * ss?uid=swg21616708 * **************************************************************** * RECOMMENDATION: * **************************************************************** -
Problem conclusion
The Java packaged with TPC has been updated to resolve the issue. Use IBM Java 6 SR12 or higher. The following steps apply to the Tivoli Storage Productivity Center GUI launched via Java Web Start on remote systems. Uninstall any versions of Java prior to IBM Java 6 SR12. Download and install IBM Java 6 SR12. Launch the Tivoli Storage Productivity Center GUI using the JNLP file and Java Web Start. Note: Do not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions. Once you have upgraded your Tivoli Storage Productivity Center components to a level with the fix, you can use the links again as they will then allow you to download IBM Java 6 SR12. Until the fix is available in a Tivoli Storage Productivity Center maintenance release, you can download the new Java 6 SR12 packages directly from the IBM developerWorks web site or by contacting IBM Support.
Temporary fix
Comments
APAR Information
APAR number
IC88003
Reported component name
TPC STANDARD ED
Reported component ID
5608TPCS0
Reported release
422
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-07
Closed date
2012-12-06
Last modified date
2012-12-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TPC STANDARD ED
Fixed component ID
5608TPCS0
Applicable component levels
R422 PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS5R93","label":"IBM Spectrum Control"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"422","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
23 March 2022